GSecur
Sep 12 2003, 04:44 PM
SSO, one of the worst things I hear in any security meeting. My personal belief is that it ruins any semi-useful security plan.
In this case a friend of mine is discussing it being used in conjunction with a web-based CRM application that is exposed on the Internet. The accounts are tied directly to the internal network domain.
Does anyone have any suggestions when it comes to increasing the security of this setup? Perhaps you will cause me to switch from my stance that it is a huge vulnerability just waiting to be exploited. I have always been against all forms of SSO, especially when exposed to the Internet.
packet
Sep 12 2003, 07:20 PM
Well, normally I hate SSO as well.... but I've really been getting into it when the system to provide the SSO is a two-factor system. My favorite is Safeword by Security Focus. Basically it is a token-based system that can give you a decent level of control over what folks have access to. It can integrate into Windows, Linux, and anything else that speaks RADIUS. It also integrates with the Sidewinder firewall to provide control over where folks are allowed to go on the Internet using their content management thing.
So basically my answer is: SSO is good using 2-factor as it centralizes your accounts while adding to your security.
--P.G>
GSecur
Sep 12 2003, 07:23 PM
About how much are they charging per token packet?